VYPR
High severity7.8NVD Advisory· Published Sep 11, 2016· Updated Jun 17, 2026

CVE-2016-3863

CVE-2016-3863

Description

Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

24
  • Google/Android24 versions
    cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*+ 23 more
    • cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    • (no CPE)range: 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, 7.0 before 2016-09-01

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.